From owner-freebsd-hackers Wed Nov 8 7: 4:50 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from css-1.cs.iastate.edu (css-1.cs.iastate.edu [129.186.3.24]) by hub.freebsd.org (Postfix) with ESMTP id F01E137B4C5; Wed, 8 Nov 2000 07:04:44 -0800 (PST) Received: from popeye.cs.iastate.edu (ghelmer@popeye.cs.iastate.edu [129.186.3.4]) by css-1.cs.iastate.edu (8.9.0/8.9.0) with ESMTP id JAA12259; Wed, 8 Nov 2000 09:04:44 -0600 (CST) Received: from localhost (ghelmer@localhost) by popeye.cs.iastate.edu (8.9.0/8.9.0) with ESMTP id JAA06305; Wed, 8 Nov 2000 09:04:41 -0600 (CST) X-Authentication-Warning: popeye.cs.iastate.edu: ghelmer owned process doing -bs Date: Wed, 8 Nov 2000 09:04:41 -0600 (CST) From: Guy Helmer To: Konrad Heuer Cc: Kris Kennaway , freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: TCPDUMP patch v1.1 and AppleTalk In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 8 Nov 2000, Konrad Heuer wrote: > > On Tue, 7 Nov 2000, Kris Kennaway wrote: > > > On Tue, Nov 07, 2000 at 01:56:21PM +0100, Konrad Heuer wrote: > > > > > After patching and installing, tcpdump can't be used anymore since it puts > > > very heavy load onto the network via xl0 and AppleTalk broadcast messages > > > (one message each 0.2 ms). Sorry, in the moment I don't know more details > > > ... > > > > tcpdump shouldn't be sending any appletalk packets, I thought (I may > > be wrong, never used it on an appletalk network). Are you sure this is > > the problem? > > > > Kris > > Well, I don't know exactly what happens but I seems to be more complex > than I thought first. It doesn't happen each time I start tcpdump but when > some circumstances meet which I don't know my FreeBSD host begins to flood > the network with AppelTalk broadcast requests as long as tcpdump keeps > running. Killing tcpdump kills this flooding, too. I've never observed > such a situation before I applied the last patch, and I use tcpdump > frequently to analyze the one or other problem. On the other hand, our > network environment isn't static, of course, and I can't be sure about > other things that may have been changed from day to day. If you are running the daemon that supports Appletalk (is it netatalk?), perhaps the Appletalk daemon becomes confused when tcpdump puts the Ethernet interface into promiscuous mode. It may be that the daemon expects to see only the Appletalk traffic directed to it, and seeing *all* Appletalk traffic on the wire makes it go nuts. Guy Helmer, Ph.D. Candidate, Iowa State University Dept. of Computer Science Research Assistant, Dept. of Computer Science --- ghelmer@cs.iastate.edu http://www.cs.iastate.edu/~ghelmer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message